Tag Archives: Scams

A few weeks ago, I posted an article about the relationship between fear and fraud. Basically, if someone is trying to make you afraid, then asking for money or personal information, it is very likely that they are trying to steal from you.

There is another emotion that scammers will often prey upon: greed. That all-too-human desire to get something for nothing, and to be the one with the most.

The most obvious example I can think of is the old Lottery Scam. By stoking greed with the promise of vast, out-of-nowhere riches, the perpetrators of this scam hope you won’t notice how suspicious the hoops they’re asking you to jump through are. The promise of millions of dollars is misdirection; while you’ve got your eyes on the prize, you might not remember how unwise it is to wire a few thousand dollars to a stranger, or that “cash this check and wire the money back to me” is a weird request to begin with.

Other examples include the Car Wrap Advertising scam, the Pigeon Drop scheme (“I found money, let’s share it!”), and of course the old Nigerian 419 scam (“I’m an exiled prince; help me retrieve my fortune and I’ll share it with you,” which at this point isn’t even a “classic” scam; it’s positively an antique).

It’s the same tip as with fear: if someone is trying to spark greed, then asking for money and/or personal information, they are trying to scam you.

Humans are an emotional animal. No matter how advanced our technologies or societies become, no matter how objective or logical we believe we are, primal emotions can still affect our behavior, and when someone manipulates those feelings into a heightened state, we find ourselves at risk of making mistakes.

Many types of fraud work by stoking one of our most basic emotions: fear. The assumption goes: if you can make someone afraid, they’ll believe anything you say, even if it makes no logical sense.

Here is a list of several common scams and how they use fear to trick victims into handing over money or personal information:

Phishing: uses the fear of losing access to money (“your debit card has been deactivated”) to trick victims into visiting a website that harvests personal information

Lottery scam: mostly appeals to greed (another primal emotion), but also stokes fear of missing out on a once-in-a-lifetime opportunity to trick victims into falling for a counterfeit check scheme

Ransomware: uses fear of losing access to important files to extort payments from victims

In other words, a lot of scams operate by inciting fear.

The key is to understand that the use of fear is an extremely common (if not the most common) tactic, and to be able to recognize when someone is trying to make you afraid. This requires a certain amount of self-awareness, and I’m not really sure how one goes about developing that, other than to just slow down and take a moment whenever a stranger is presenting you with alarming information, instead of reacting immediately.

I still haven’t encountered anything that contradicts this fraud prevention axiom:

“Cash this check then wire the money back to me” is a sure sign of a scam.

It’s a fairly easy pattern to spot when it comes to things like lottery scams, because the scammers almost literally use that exact wording. But there are other times where the “wire the money back to me” stage is a little more obscure.

One such case is the Car Wrap Advertising Scam. Below is a scan of an actual letter used to initiate this scheme after the would-be victim responded to a random email or text message offer. This letter came with a cashier’s check for $2,390.00 (click to enlarge):

In this case, they’re not directly saying “wire the money back to me,” but they are telling you to give it to someone else, in the form of setting up a payment to a “Decal Specialist.”

What happens when you contact this person? You’re instructed to wire the money from the check, which will eventually be returned as fraudulent, putting you on the hook for the cash you gave away. It’s the same pattern as a lottery scam, only with an additional step in between.

One reason this scam continues to work is that there are actual wrapped cars out there. We’ve all seen them. However, even in cases where these aren’t company-owned vehicles, legitimate car wrap advertisers share certain features:

They don’t randomly contact you out of the blue via text message or email

They don’t take everyone who applies; they’ll want to know how far you drive each day, where you drive, what kind of car you have, and your driving record

They’re not going to pay you $500 per week. About $1,000 per month seems to be the ceiling, and that’s for absolute ideal (for the advertiser) circumstances (i.e. you drive hundreds of miles per day in an area extremely densely-populated with people within the ad’s target demographic; I’m guessing your car has to meet certain visibility criteria as well, because I’ve mostly seen these ad wraps on lifted, customized 4×4 pickups)

You don’t pay them at any point, and you’re not responsible for passing along money to whomever applies the decals (“Hey stranger we’ve never met in person, here’s a few thousand dollars to give to someone else for us. We’ll just trust you to not keep it.”)

If you’re truly interested in turning your vehicle into a billboard, there are a few links to apparently legitimate agencies in this Penny Hoarder article. But before you act on anything online, be sure to do a lot of research first, and always get in writing what you are agreeing to do and how you will be compensated. If it’s too easy to get the gig, it’s probably a fraudulent offer.

The standard-issue phishing attack relies on sheer numbers as the key to its success; by sending tens of millions of emails, the chances of hooking a few thousand victims is pretty good, regardless of how sophisticated the message itself is.

But there is another type of phishing attack, known as spear phishing, which exchanges quantity for quality, by using insider information to target businesses. Spear phishing attacks are smaller in scale but arguably more effective than their poorly-spelled, randomly-selected cousins.

In a spear phishing attack, you might get a message at your job that appears to come from someone you work with, often a member of management or from another department. This message may request information about financial accounts, login and password information, ask you to open a file or link, or ask that you authorize a wire transfer from your employer’s account. If you comply with these directions, you will make your company vulnerable to financial or data loss.

Most established businesses have a website that reveals the names of management, the board of directors, and people from various departments, which gives would-be cybercriminals the information they need to impersonate an insider.

Communication is the key to preventing spear phishing attacks. Think about any request received via email – is this how the head of the IT department or the CEO really talks? Why are they sending you a file out of the blue? Is it your job to initiate wire transfers? The best defense is to simply confirm with the apparent sender if the message is legitimate or not. Spear phishing attacks use some of the same techniques as regular phishing emails, such as disguised links or infected file attachments. It pays to double-check before you take any action.

There are a few things you can always depend on. Light travels at 299,792,458 meters per second in a vacuum. Objects at rest will remain at rest unless acted upon by an outside force. “Cash this check and wire the money back to me” always equals “scam.”

I haven’t written about it in a while, but the old Mystery Shopper Scam and its variations are still out there. It’s time for a review.

The “classic” version of this scam starts with a job offer emailed out of the blue. If you respond to this message, you’ll be immediately “hired” as a Mystery (or Secret) Shopper. A cashier’s check for a fairly large amount of money (the old ones always seemed to be around $2,900, but there is a lot of variation) will arrive a short time later, with these instructions:

Cash this check at your bank, keeping $100 or $150 for yourself

Take the rest of the cash to the nearest Western Union location

Wire it back to me

Report on the customer service at Western Union

If you follow those instructions, a few days later you will be informed that the check you deposited was counterfeit and that you are now on the hook for the money you received in exchange. Unfortunately, you already wired that money to a stranger and can’t get it back.

Now, things are getting a little more difficult for the scammers. Financial institutions are placing more holds on cashier’s checks and are asking more questions to protect their customers, and after being slapped with a $586 million settlement for essentially letting these scams proliferate for so many years, Western Union is finally doing more to prevent this type of fraud.

But that only means this scam has evolved to work around these problems. Instead of Western Union, some versions involve prepaid gift cards (“cash the check, then buy iTunes gift cards and relay the numbers and PIN to me”), overpaying for purchases from online classifieds (“just wire the extra back to me”) or targeting businesses instead of individuals.

Still, the basic mechanism remains: if someone gives you a check and requests that you convert it to cash (i.e. placing the liability for that check’s authenticity on you, then transfer the money back to them electronically, they’re attempting to steal from you. Regardless of the initial pitch, the pattern holds true. Don’t fall for it.

I mean the attackers are improving. They’re wising up to the fact that actual financial institutions and social networks send emails that are (at least mostly) intelligible, and adjusting their approach accordingly.

You still see plenty of phishing emails with atrocious spelling and weird grammar bordering on word salad, but there is a growing trend toward messages that could be mistaken for legitimate communications, even by someone who is well-informed. As potential victims become more sophisticated, so do the criminals.

One way to defeat phishing attacks is to set yourself up to never use links at all. For every single site you log into – financial institutions, credit cards, social networks, online shopping – create a bookmark in your web browser, and get in the habit of always using that link to log into the website.

That way, if you get an email that looks like it might be real, instead of clicking on a link (or even spending time wondering if you should or not), simply open your web browser and use your already-created bookmark to log into the website of whomever the email purported to come from. If there’s a real message or problem, you’ll find out about it there.

Debt collection generally works like this: a creditor who can’t devote the necessary time and resources needed to recover funds from old delinquent loans sells those debts to a collection agency, often for pennies on the dollar, to cut their losses a little. That agency, which now owns the debt, contacts consumers and tries to negotiate at least partial repayment.

Naturally, there are also con artists posing as debt collectors, attempting to obtain money, personal information, or both from victims. There are also collection agencies who stray from established, legal methods in order to collect legitimate debts. Here are six warning signs to watch for.

They’re trying to collect on a debt you don’t owe

Unscrupulous collectors will sometimes contact people with the same name as the actual debtor, or even settle for someone with a similar name. An outright scam artist might simply invent a debt out of thin air, or threaten random people in hopes that someone will pay out of sheer terror. In any case, never agree to pay a debt you don’t owe. Ask for a written validation notice. If they refuse, that’s a sign of trouble. Get as much information as you can about the agency, and report them to the FTC.

Important Note: collection calls for debts you didn’t incur can also be a signal that you have been a victim of identity theft. If you’ve received such a call, it may be time to check your credit report if you have not done so recently, to look for anything that shouldn’t be there.

They’re threatening you with arrest, lawsuits, or violence

For the most part, debt collectors are allowed to inform you that you owe a debt, provide proof that you owe it, state to whom the debt is owed, and present options for payment. They are not allowed to threaten you with arrest or legal action, and they’re especially not allowed to threaten physical harm to you or those around you.

They’re demanding personal information

Even if you actually owe money, there is no reason for them to ask for personal identifying information or account numbers over the phone. It’s one of the core rules of fraud and identity theft prevention: never reveal personal information to a stranger who contacted you out of the blue.

They won’t give you any information

If the caller won’t tell you the name of the agency, to whom the debt is owed, or anything else about whom he or she represents, be very suspicious. A legitimate collector will be transparent about these things, presumably because they want to actually collect on delinquent debts and stay in business, instead of being shut down by the FTC.

They’re calling in the middle of the night

This applies to a lot of other types of calls, but if they’re calling you before 8:00 a.m. or after 9:00 p.m., you have every reason to suspect either a scam or a rogue debt collector. There are rules about when they can contact you by phone. It’s kind of like putting yourself on the Do Not Call registry; if they’re already violating one rule, what else are they up to?

They keep calling after you’ve told them not to

Even if you’ve got a legitimate debt, you can still tell a collector to stop contacting you about it. Usually you will have to provide this request in writing, but once you do, they’re supposed to knock it off. Of course, if they won’t even provide an address to send said request to in the first place, you already know something is fishy.

Most people in the U.S. exit postsecondary education with at least some student loan debt, and sometimes paying those loans off can present problems. While there are well-established paths to reducing the burden of a large student loan balance, there are also plenty of con artists waiting to take your money and make things even more difficult. Here are a few things to watch out for.

Upfront Fees

It is not illegal per se to charge a fee for services, such as consolidating your federal student loans, that you can do on your own for free, in much the same way that it’s not illegal to charge a fee for tax preparation.

However, any upfront fee for help with student loan repayment is a sure sign of a scam. Don’t pay for anything in advance, and even if they’re not charging an upfront fee, look at what they are charging compared to what you’re actually getting in return. Is it worth it? Do your research on every company you’re considering working with.

Debt Elimination

There are not many ways to have your student loan debt erased completely, and if you’re reading this you already don’t qualify for the primary one (death). Also, if you were taken in by a for-profit college that used falsified job placement numbers to lure students, there may be programs that might help. There are a few other options that apply to very specific cases. Other than those, with very few exceptions, once you have student loan debt, it’s yours until you pay it off. Bankruptcy won’t even touch it.

This means anyone advertising student loan elimination or forgiveness is trying to scam you. There is no way to pay a company a fee in exchange for your student loan debt disappearing. All you’ll end up doing is losing money and ruining your credit.

High Pressure Tactics

If you’re being told that an offer is only good for a certain amount of time, or being pressured in any other way by a salesperson, that’s a sign of a scam. There are no limited-time-only offers when it comes to student debt relief. They don’t hold blowout sales on this stuff.

What You Can Do

You can consolidate your federal student loans, adjust your repayment schedule, defer your repayment period and more yourself, for free, through the Federal Student Aid Office of the Department of Education. If you have private student loans, you can contact those lenders for options as well. There is no compelling need to pay anyone to do these things for you, unless you choose to do so and know what you’re getting into before agreeing to anything. Again, do your research.

Currency revaluation schemes have been around for a long time, and have never once paid off for anyone except the people charging a commission for the sale. Iraqi dinar scams have been going strong since 2003, and the currency has yet to do anything except lose value.

I’ve seen a few recent warnings about something many are referring to as the “Can You Hear Me?” Scam. Basically, someone will call, ask if you can hear them, wait for you to say “yes,” then hang up. Later, they make unauthorized charges to your credit card, and use the recording of you saying “yes” in court to “prove” you agreed to the charges.

Now, any reminder to NOT talk to strangers who call you on the phone or to engage with robocalls in any way is a good reminder, but if you’re like me, you might find a few holes in this specific warning.

For example, unless you have the weirdest credit card in the world and its number is “YES” for some reason, simply saying the word doesn’t automatically give the caller your card information. Despite the existence of Peanut Butter M&M’s, Gus’s World Famous Fried Chicken and the first Doc Watson album, magic isn’t actually real, and nobody can pull your credit card number out of your wallet simply by getting you to say “yes” one time. The scammer would have to already have this information before calling you.

Then, if they’ve already got your card information, why would they bother calling to trick you into appearing to agree to charges? In a vast majority of the cases I’ve seen, scammers aren’t interested in making their schemes complicated. They’re not going to use a recording of you saying “yes” in court because they’re never going to end up in court. If they have your card information, they’re just going to use it. They don’t need to track down a phone number associated with the card in order to get a “yes” they’re never going to need.

So this leaves us with…what, exactly? Is this a real scam? There do not appear to be any documented cases of “said yes/card was charged/disputed the charge/recording ‘proved’ I authorized the charge/no recourse.” But the calls appear to be actually happening, and you have to wonder: what are they up to?

It doesn’t matter. If you get a call and someone just says, “Can you hear me?” hang up. No matter what their intent, it’s not something you want to get involved in.

Even better, stop answering the phone every time it rings. Almost every phone scammer needs you to pick up the phone. If you don’t, you’ve already ruined their scheme. If you recognize a number, go ahead and pick it up, but let everyone else leave a message.

This may be just one of those stories that gets passed around on a better safe than sorry basis, but I like accuracy, and the story being shared by various online sources doesn’t add up. If you do get a call like this, just hang up. But consider letting all unfamiliar calls go to voicemail. It’s the safest method.